Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:121430 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 73065 invoked from network); 19 Oct 2023 11:26:15 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 19 Oct 2023 11:26:15 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 1274A180511 for ; Thu, 19 Oct 2023 04:26:15 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-pg1-f169.google.com (mail-pg1-f169.google.com [209.85.215.169]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 19 Oct 2023 04:26:14 -0700 (PDT) Received: by mail-pg1-f169.google.com with SMTP id 41be03b00d2f7-5a1d89ff4b9so4688296a12.0 for ; Thu, 19 Oct 2023 04:26:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1697714773; x=1698319573; darn=lists.php.net; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=otHytSD3SDDlqXO0j88hobPH+cJMn//MFEwbyKYiBQs=; b=emV9pnkXkLfvXI9qNVYzB0oIcl8zwoW9e3WywuXGvM6/MJvX+1JkiCGlZC6T5HgEEa vPZVkPLnyjzqPWxdm41qMB25axOqqn1cn7YF2o+4Mb2taI5qgoVRahhz91G6mhsYfSGq YjXpw6G/LSsABxwbRMJRLJJAdfkrp+9hkx35Zg3Tc1tAAbcadqzZ3ZSkp28WMIwPacgN yent2FbEoJUZ1fteLoDCZvWo8Du+MMT2P7t/8MWGMK2c0Ya2pBpQlHwjDPQeR+OFU9X4 31xdKOty7IucLpa/zU+pe3TkPt4+AJmJALgqBG50cyGk3Vz/Iie0TB+QndoTcKLEcpj8 2e3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697714773; x=1698319573; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=otHytSD3SDDlqXO0j88hobPH+cJMn//MFEwbyKYiBQs=; b=YrATmFaqHNWridtYAJlmBWdCs7TollYLLPv358LMON1yZm7t4i1etbqT+c+QXXCv2x YpOUO0LwRNitltCTT3Vo4fEzYCSILvRkwNTCEkbd0SUppv7PKbkfsS0bi2MJ/9fEhTV4 JxgSY2s4gvkTFvBIHcNOgtOUA16uacQrNSb+5KmC7AM6aDGmXKjmyUbsBkRYH0MMzChz KoZNq7CdicAmmBQplt4UdmeRhXA0IUYUbOM291RABOhDbaMoukjIdWClqcv0n9TOU2Oz NxevXHocFst6tMYxGZajqbWDduSwfgUBQPzPPeD/tYUHxUoWh0NwjfYvh/F2kfcdA6nR Al4A== X-Gm-Message-State: AOJu0Yy2zcNLFxvS/VXlcrjxGkIPEVtIOJACsjDmVdZH73NGRjgnJzej pHC2o+8HXVdhO1myPpm360OKBMWhSzZAp1T1G+a79Y3dj8k= X-Google-Smtp-Source: AGHT+IGnrmNBMOIyphSeN+gF8cy2PWFlXUJKB3dxiWtvkMMiRSbYVd/j9JuiuY4aAXaPw+1WSOWe6FuBP57kT6nK3c0= X-Received: by 2002:a05:6300:8001:b0:13f:1622:29de with SMTP id an1-20020a056300800100b0013f162229demr1675993pzc.7.1697714773333; Thu, 19 Oct 2023 04:26:13 -0700 (PDT) MIME-Version: 1.0 References: <4daf6b2a-94dc-4d37-bb4d-512bba5f726b@app.fastmail.com> In-Reply-To: <4daf6b2a-94dc-4d37-bb4d-512bba5f726b@app.fastmail.com> Date: Thu, 19 Oct 2023 13:26:02 +0200 Message-ID: To: Larry Garfield Cc: php internals Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Re: [RFC][Under discussion] RFC1867 for non-POST HTTP verbs From: tovilo.ilija@gmail.com (Ilija Tovilo) Hi Larry On Wed, Oct 18, 2023 at 7:26=E2=80=AFPM Larry Garfield wrote: > > On Fri, Oct 6, 2023 at 3:44=E2=80=AFPM Ilija Tovilo wrote: > >> https://wiki.php.net/rfc/rfc1867-non-post > > The functionality all seems reasonable to me. I have a few smaller conce= rns: > > 1. Like Derick, I think I'd favor including the config overrides now. I will check if this can be implemented without too many changes. > 2. Lots of request bodies are not forms these days; they're frequently JS= ON or GraphQL. This function would be useless in those cases; that's fine,= but should the name then suggest that it's for form data only? request_pa= rse_form() or similar? I'm just concerned about misleading people into thi= nking it can parse their JSON bodies, when that's not a thing. (Unless we = wanted to provide some kind of callback mechanism, which is probably overki= ll here.) request_parse_body() is indeed not aimed at other content types as-is. A generic name would allow extending the function to support other content types in the future, although it's currently unclear whether that's desirable. E.g. for JSON, people might be confused why there's a file index in the returned array that is always empty. > 3. For an unsupported mime type, I'd recommend a more specific exception = than InvalidArgumentException. Give that a custom sub-class that tracks wh= at the actual mime type was that the request had and it rejected. A custom exception class sounds reasonable. The mime-type is contained in the exception message. > 4. I don't quite grok the "input" section. So if I don't disable the aut= omatic parsing, does that mean request_parse_body() will always fail? Or w= ill it still work, but just be more memory-wasteful? That's not clear to m= e; I'd prefer if it works but is just memory-wasteful, personally, as that = would be more portable for projects that want to use it. Whether request_parse_body() can work repeatedly depends on whether the input has been buffered. application/x-www-form-urlencoded is buffered and as such works multiple times. multipart/form-data *can* be buffered if done manually by opening php://input and reading the whole input before calling request_parse_body(). Yes, for post this means one needs to disable enable_post_data_reading. Since files are stored on disk, buffering files means doubling disk load. Uploading a 2GB file would require at least 4GB of disk space. I don't think that's a good trade-off as there shouldn't be a reason to call this function twice. Ilija